<html>

<head>
<title>OKKAM User Data Privacy Policy</title>
</head>

<body bgcolor=white lang=EN-US>

<table border="0" align="center" width="85%">
<tr><td>

<div class=Section1>

<p  align=center style='text-align:center'><b><span style='font-size:14.0pt;'>OKKAM User Data
Privacy Policy</span></b></p>

<p  align=center style='text-align:center'> <span style='font-size:10.0pt;'>/Last updated on November 26, 2009/</span></p>

<p>&nbsp;</p>

<p><b>1.&nbsp;&nbsp;&nbsp;General Scope</b></p>

<p>
This policy applies to user private information stored or held by the OKKAM project.
The Project governs the user private information as
closely as possible to Regulation (EC) 45/2001 &nbsp;<a href="#_ftn1"
name="_ftnref" title="">[1]</a>.
</p><br>

<p>
OKKAM (referred to hereafter as the Project) is a large-scale integrating project
funded by the European Commission under the 7th Framework Program. The Project
provides a scalable and sustainable infrastructure, called the Entity Name System
(ENS), for making systematic reuse of global and unique entity identifiers.
The ENS stores identifiers for entities and provides a collection of core
services needed to support their pervasive reuse.
</p><br>

<p>
The Project is collaboratively developed by its users using the Project's software
and ENS core services, and any third-party services based on the Project's
software and core services.
</p><br>

<p>
This policy does not cover privacy aspects of entities and their global identifiers
stored at the ENS servers. This policy covers users' personally identifiable
information collected or stored by the Project on its servers in relation to
the Project's activities and its community process. The Project collects and
retains the least amount of personally identifiable information needed to
fulfill the Project's operational needs.
</p><br>

<p>
Registration is not required for use of some of the Project's services.
Anonymous access to the Project ENS system is allowed to those services intended 
for open and uncontrolled community access. An example of such a service is the 
ENS entity query service, which if accessed publicly, returns all results 
filtered out for the general public.
</p><br>

<p>
Registration is required for use of some of the ENS services, such as anyone with
Internet access (and not otherwise restricted from doing so) may create ENS
entities by logging in as a registered user, and may edit ENS entities by logging
in as a registered user and, whenever necessary, attesting possession of
administrator privilege.
</p><br>

<p>
By creating and editing ENS entities, users create a published document, and a 
public record of every word added, subtracted, or changed. This is a public act, 
and users are identified internally as the author of such changes (for example 
by logging such information). All contributions made to the Project, and all 
publicly available information about those contributions, are irrevocably 
licensed and may be freely copied, quoted, reused and adapted by third 
parties with few restrictions.
</p><br>

<p>
Interactions with the Project not covered by this Policy include, but are not
limited to, aspects of browsing Project's pages, use of the Project
&quot;e-mail user&quot; function, subscribing and posting to the Project
hosted e-mail lists, and corresponding with volunteers via the Project
communication means. These interactions may reveal a contributor's IP
address, and possibly other personal information, indiscriminately to the
general public, or to specific groups of volunteers acting independently
of the Project.
</p><br>

<p>Users may interact with one 
another outside of the Project system, via email, IRC or other chat, or 
independent websites, and should assess the risks involved, and their personal 
need for privacy, before using these methods of communication.
</p><br>

<p>1.1.&nbsp;&nbsp;&nbsp;&nbsp; Purpose of the collection of private information</p>

<p>The Project limits the collection 
of personally identifiable user data to purposes, which serve the well-being of 
the project, including but not limited to the following:
</p><br>

<ul>
<li>To enhance the public accountability of the Project. The Project recognizes that 
any system that is open enough to allow the greatest possible participation of 
the general public will also be vulnerable to certain kinds of abuse and 
counterproductive behavior. The Project and the community have established a 
number of mechanisms to prevent or remedy abusive activities. For example, when 
investigating abuse on data, including the suspected use of malicious 
&quot;sockpuppets&quot; (duplicate accounts), vandalism, harassment of other users, or 
disruptive behavior, the IP addresses of users (derived either from those logs 
or from records in the database) along with their registered personal 
information may be used to identify the source(s) of the abusive behavior. This 
information may be shared by users with administrative authority who are 
charged by the community with protecting the Project. 

<li>To provide site statistics. The Project stores raw log data from users' interactions. 
These logs are used to produce the site statistics pages; the raw log data is 
not made public.

<li>To solve technical problems. Log data may be examined by developers in the course 
of solving technical problems and in tracking down badly-behaved web spiders 
that overwhelm the Project's system.
</ul>

<p>&nbsp;</p>

<p><b>2.&nbsp;&nbsp;&nbsp;Privacy Statements</b></p>


<p>2.1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;What information is collected and through which technical means</p>

<p>
Upon successful registration, a user obtains his/her registration data in a single
file <i>encrypted</i> with the specified password in the registration form. The obtained
registration data includes: (i) user's private key and the corresponding user's public-key certificate
(also known as identity certificate) digitally signed by a Project's
trusted certification authority, and (ii) a set of the Project's trusted
certification authorities, forming a trust chain of certificates to the user's
public-key certificate. The user's public-key certificate includes user's
distinguished name, user's public key, and the distinguished name of the
issuing certification authority.
</p><br>

<p>
A user is identified by its 
distinguished name, which is a composition of its personal information, such as 
first and last names, country of residence, organization of current employment, 
e-mail address and username.
</p><br>

<p>
The use of username is only for 
convenience of users when using their registration data. The username has no 
special role, and it is not necessary to be unique (in contrast to classical 
username/password authentication systems). Technically, the username is only used 
to refer to users' private key information (also called alias of key entry)
inside the obtained registration file.
</p><br>

<p>
The e-mail address, a mandatory part 
of the registration data, is used as a unique identifier in order to avoid registration 
of duplicate records.  The e-mail address provides the only means the Project 
communicates with a user. The Project does not guarantee that the e-mail 
address will be changed on request.
</p><br>

<p>
Users select a password, which is confidential and used only at users' side to
protect and verify the integrity of their registration data. The ENS system
does not store users' passwords. Except insofar law may require it, no person
should disclose, or knowingly expose user passwords.
</p><br>

<p>
The data obtained from the registration process and stored in the Project's 
system includes a user's public-key certificate, and, if a user explicitly 
agrees, the private key information corresponding to the user's public-key 
certificate. In case of forgotten password or lost registration data, the user 
can recover its registration data by using the Project's registration data 
recovery service, only if the user's private key information is stored  
in the ENS system.
</p><br>

<p>
The user account information 
contains enough information for the Project to have reasonable confidence that 
its subsequent usage is by the user only, or by someone with access to the 
information the user provided (including the password).
</p><br>

<p>
The Project also grants users with special attribute-based privileges (also 
called credentials) for well-being of the Project and its community growth. 
An attribute certificate contains the user's distinguished name (the same as 
indicated in the user's public-key certificate), the attribute the user
possesses, and the issuer's distinguished name that signed the 
attribute certificate.
</p><br>

<p>
All users wishing to obtain an attribute certificate must be registered ENS
users. Attribute certification is a non-automated process, and depending on the
attribute one wishes to obtain, it requires a specific authorization process
by a dedicated ENS community user qualified as &quot;ENS Public Authorization
Manager&quot;.
</p><br>

<p>
For example, if a registered user wishes to become an administrator of ENS, 
the same has to contact the ENS authorization manager, and via a proof of 
authenticity and ability to be such, the authorization manager may grant 
the user the right to be administrator.
</p><br>

<p>
Any administrator user can delegate to other registered users the right of
being &quot;ENS Public Trusted Entity Creator&quot; service providers. A user
needs to contact an administrator user (via a dedicated service on the
official ENS site), and upon successful communication between the user and
an ENS administrator with a proof of user legitimacy to become a trusted
ENS entity creator service provider, the user will be granted (normally
given by e-mail) an attribute certificate attesting him/her as a trusted
entity creator service provider.
</p><br>

<p>The Project also stores the
following information in the user account:</p>

<ul>
<li>List of all attribute certificates activated to a user,

<li>List of all revoked/deactivated certificates of a user.
</ul>

<p>The Project reserves the right to 
revoke/deactivate any user certificate where it is reasonably necessary to 
protect the rights, property or safety of the Project, its users or the public.
</p><br>

<p>The following information related 
to the activity of users is stored in log files:</p> 

<ul>
<li>Date and time of any successful and unsuccessful user authorization, 

<li>Date and time of any activated and revoked credential, 

<li>Date and time of any password reset by a user.
</ul>

<p>When a user resets password or 
revokes a credential, the Project may also record further information in log 
files, such as the IP address used, in line with the purposes stated in Section 
1.1. This information can help in following up any doubtful activity relating 
to users' accounts.
</p><br>

<p>
The core ENS services do not use cookies on user side to keep any session data. 
Instead a trusted proxy component (downloaded only from the official ENS 
site) is used to leverage secure and trusted communications between ENS 
users/service providers and ENS services.
</p><br>

<p>
Third party services attracting ENS users (i) may use cookies to keep 
information of a current security session, as in the case of HTTPS protocol, 
and in such cases the cookies should contain information only regarding a 
current session; (ii) may store a log data of user identity accessing the 
services and some additional technical information, such as IP addresses 
of users.
</p><br>

<p>2.2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Access to and release of personally identifiable information</p>

<p>
By registering, a user authorizes the disclosure of the personal details,
he/she has entered during user registration, to the ENS system that the user accesses
after having authenticated to the ENS. If a user was registered by his/her
organization, the user consent is assumed to have been given
(implicitly or explicitly) for the transfer of his/her details. The details
of the activity associated with your account are never passed to any
third-party sites/systems other than the Project ENS conforming to the
exceptions listed in Section 2.2.2. Users can inspect all the data that is
maintained about their own account via the dedicated ENS service for that.
</p><br>

<p>
If a user needs to access a Project community site that requires the user to 
authenticate (e.g., ENS Web front-end toolkits), but the user does not wish
the site to have access to the details he/she supplied in order to gain access,
it is recommended that the user create a separate account for this purpose.
This will require the user to provide a 
distinct e-mail address, which needs not be traceable to the user personally. 
However, this will disable user's active credentials assigned to the user's
original identity certificate when accessing via a different registration data.
</p><br>

<p>
OKKAM modules and services outside the OKKAM core services, e.g., the entity
subscription service, may gather additional user personal data based on
corresponding requirements of service usage. Each such service is bound to
notify the user of the type of data gathered and its use, as well as
verify the user's consent on this process.
</p><br>

<p>2.2.1.&nbsp;&nbsp;&nbsp;&nbsp; Access</p>

<p>
The Project is primarily run by volunteer contributors. Some dedicated users
are chosen by the community to be given privileged access, such as an
administrator privilege or a trusted ENS entity creator privilege.
</p><br>

<p>
ENS users with an administrator privilege have a high level of service access
to any ENS service and any private identifiable information except users'
private key data. The administrator user examines its authority only in
response to the situations listed below. The administrator users have the
authority to identify who is the author of a given public act of creating or
modifying ENS entities. There is a trusted authorization manager user elected
by the ENS management consortium that has the authority to grant (promote)
administrator privileges to ENS users. This is a non-automated process
including (whenever necessary) proofs supporting the decision of granting
the administrator privilege.
</p><br>

<p>
ENS users who have the administrator privilege have the authority to grant to
ENS users the trusted ENS entity creator privilege. This is a non-automated
process including (whenever necessary) proofs supporting the decision of
granting the trusted entity creator privilege.
</p><br>

<p>
ENS users with a trusted ENS entity creator privilege have the right to
(i) create ENS entities on behalf of ENS users, and as such, have the
authority to make users as authors of such public act (of ENS entity creation)
in the ENS system; and (ii) store locally users' identity information in
their own log data.
</p><br>

<p>
ENS users with a trusted ENS entity creator privilege are given permissions to
provide an easy and intuitive ENS entity creation process as a third-party ENS
service to ENS users.
</p><br>


<p>2.2.2.&nbsp;&nbsp;&nbsp;&nbsp; Policy on Release of Data</p>

<p>
It is the policy of the Project that personally identifiable data collected in
the server logs, or through records in the database, or through other
non-publicly available methods, may be released by the Project administrators,
trusted entity creators (from their log files), or the ENS staff,
in any of the following situations:
</p><br>

<ul>
<li>In response to a valid subpoena or other compulsory request from law enforcement, 

<li>With permission of the affected user, 

<li>When necessary for investigation of abuse complaints, 

<li>Where the information pertains to page views generated by a spider or bot and its 
dissemination is necessary to illustrate or resolve technical issues,

<li>Where the user has been vandalizing ENS entities or persistently behaving in a 
disruptive way, data may be released to a service provider, carrier, or other 
third-party entity to assist in the targeting of IP blocks, or to assist in the 
formulation of a complaint to relevant Internet Service Providers,

<li>Where it is reasonably necessary to protect the rights, property or safety of the Project, 
its users or the public.
</ul>

<p>Except as described above, the 
Project policy does not permit distribution of personally identifiable 
information under any circumstances.
</p><br>

<p>2.2.3.&nbsp;&nbsp;&nbsp;&nbsp; Third-party access and notifying registered users when receiving legal process</p>

<p>
As a general principle, the access to, and retention of, personally
identifiable data in the Project should be minimal and should be used only
internally to serve the well-being of the Project. Occasionally, however,
the Project may receive a subpoena or other compulsory request from a
law-enforcement agency or a court or equivalent government body that
requests the disclosure of information about a registered user, and may be
compelled by law to comply with the request. In the event of such a legally
compulsory request, the Project will attempt to notify the affected user
within three to five business days after the arrival of such subpoena
by sending a notice by e-mail to the e-mail address that the affected
user has listed in his or her registration account.
</p><br>

<p>
The Project cannot advise a user receiving such a notification regarding the
law or an appropriate response to a subpoena. The Project does note, however,
that such users may have the legal right to resist or limit that information
in court by filing a motion to quash the subpoena. Users who wish to oppose a
subpoena or other compulsory request should seek legal advice concerning
applicable rights and procedures that may be available.
</p><br>

<p>
If the Project receives a court-filed motion to quash or otherwise limit the 
subpoena as a result of action by a user or their lawyer, the Project will not 
disclose the requested information until the Project receives an order from 
the court to do so.
</p><br>

<p>
Registered users are required to provide an e-mail address. When an affected
registered user provides an invalid/non-existing email address, the Project
will not be able to notify the affected user in private e-mail messages when
it receives requests from law enforcement to disclose personally identifiable
information about the user.
</p><br>

<p>2.3.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; How the Project protects and safeguards users' personal information</p>

<p>
The Project stores users' personal information in a secure storage and authorized
people can only access that information. The Project keeps all users'
registration data confidential, encrypted with a server master password. The
server master password is kept secretly, not shared or communicated with
anybody. All users' information stored in log files is used to diagnose and
resolve problems and to deal with security incidents.
</p><br>

<p>
A user provides its personal information during registration and submits it to 
the ENS system only via a secure connection. There are two ways a user can 
register to the Project: via a proxy component, or via a trusted entity creator 
(external to ENS) system.
</p><br>

<p>
The proxy component directly interacts with the ENS, and provides secure 
communication between the user proxy instance and an ENS server. To achieve 
authenticity of the proxy software the user has to download the proxy from 
the official ENS site.
</p><br>

<p>
A trusted entity creator system is distinguishable by the ENS logo and an
explicit reference to an ENS service verifying legitimacy of third party ENS
entity creator systems. A trusted entity creator system provides a Web-based
interface for users to register to ENS. All communications between users'
browsers and the trusted entity creator system are over a secure connection.
As a back-end of the trusted entity creator system, there is a proxy component
that handles the true registration to ENS (via a secure communication) and
then returns back the result of the registration to the user through
the trusted entity creator registration interface.
</p><br>

<p>
A user does not login to ENS or any third-party systems using the classical
username/password mechanism. In contrast, the user password should never be
communicated over a communication channel for logging purposes. ENS users
should never use their password to authenticate to any ENS service or third
party site. Users passwords are never stored in the ENS system.
</p><br>

<p>
Users use their passwords to protect confidentiality and integrity of their
personal data. Users use (locally) their username and password to make the
ENS proxy component or a web browser aware of user's available certification.
These are the only places where the password is needed. Then on, the true
authentication is achieved with the use of the user's private key, and via
widely used secure and safe cryptographic protocols, such as HTTPS (over SSL),
or Web service message security (with mutual certificate authentication).
</p><br>

<p>
The details about a user account are available only to the user and the ENS 
administrators. The ENS administrators can view all personal data pertaining 
to a particular user, except the user's private key information (if stored at 
the ENS). This helps administrators to perform duties such as helping users 
with problems and diagnosing suspected security incidents. Users' private 
keys are never revealed to anybody except the cases 
listed in Section 2.2.2.
</p><br>

<p>
If a user has registered directly, the user should be aware that anyone with
access to read its e-mail address may be able to use the account the user
created and may acquire the identity the user represents. Users are responsible
for assessing the risk that the e-mail address presents to them personally.
</p><br>

<p>
When registering, a user should make sure that his/her browser indicates 
(usually by means of a padlock or other icon) a secure connection and that the 
user is connected to the ENS official site address.
</p><br>

<p>
Any third party site or server, offering services to ENS users, should (i) 
register to ENS in order to provide services to ENS users; and (ii) use the 
ENS trusted certification authorities (the Project root of trust and its 
subordinate certification authorities) for authenticating and authorizing 
ENS users.
</p><br>

<p>
ENS users are not required to have registration account at any third party ENS 
service provider's system in order to use those provider's services that are
built on the core ENS services.
</p><br>

<p>
Any ENS user wishing to use third party ENS service providers' systems should
require from the ENS service provider mutual authentication before accepting
to use its services. The Project recommends that any communication between ENS
users and ENS service providers should occur over an encrypted (confidential)
channel, such as HTTPS with mutual authentication. ENS users should not give
any identity data over unencrypted message communication channel. ENS users
should never reveal their password to anybody for the sake of authentication.
</p><br>

<p>2.4.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; How a user verifies, modifies or deletes its personal information</p>

<p>
Users can verify their account information directly form the registration file
received upon a successful registration process. Users can review their personal
information either in the Internet browser they imported the registration data,
or in the operating system certificate management service, if their imported
their registration data at that level, or using the ENS proxy component.
</p><br>

<p>
If a user has registered to the ENS system, the user will be able to change
(make up-to-date) any personal information on-line via dedicated ENS services.
All services are accessible via the ENS official web site.
</p><br>

<p>
Users are allowed to reset their password or entire registration information 
using the registered e-mail address. Users should bear in mind that anyone 
else with access to their e-mail (because of automatic forwarding, delegation 
or other reasons) will be able to reset the above data. All changes to users' 
personal data, including account deletion, are communicated to the e-mail 
address provided at registration time, and confirmed via a message code 
sent to that e-mail.
</p><br>

<p>
However, if user details were registered through a third party, the user may
not be able to change its details, and he/she will have to contact that third
party in order to have the information changed: you may nevertheless have
the information updated by the ENS, but if the third party re-submits this
information to the ENS, it will be re-instated.
</p><br>

<p>
Password reset does not generate a new public/private key pair, but just 
rebuilds user registration data file encrypted with a different password. 
Password reset is only possible if a user has agreed to keep its private 
key in the ENS system.
</p><br>

<p>
If a user has any reason to believe that his/her password has been compromised 
the user should report that to a dedicated ENS service for certificate 
revocation, and redo personal data registration following the ENS 
service support.
</p><br>

<p>
Users whose accounts do not have a valid e-mail address will not be able to
reset their password/private key/registration data if such is lost. In such a
situation, however, users may be able to contact an administrator user of the
Project (with proper proofs supporting user authenticity and relation to user's
account) to delete the user's account (including revocation of user's public-key
certificate and all active attribute certificates) and then register
user personal data again.
</p><br>

<p>2.5.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; How long the Project keeps users' personal data</p>

<p>
User registration is for 3 years from the date of registration. Users' public-key
certificates are valid for 3 years. All users' attribute certificates are either
valid as long as the user's public-key certificate is valid, or valid until a
date defined by the authority at the time of registering the user attribute
certificate. In the latter case the date must be before the user's public-key
certificate expiration date.
</p><br>

<p>
Any registered user is responsible to renew its registration some time before
its public-key certificate expires, and via a dedicated ENS service for that.
If a user was registered through a third party the renewal of user registration
is to be done via that third party.
</p><br>

<p>
When a user registration expires, the ENS system will deactivate the user 
account, and will keep it available for user activation for a period up to 
six months from the expiration date. After that period the user account 
will be erased from the ENS database.
</p><br>

<p>
Data from the ENS registration service is backed up regularly to ensure a 
correct system restore if necessary to restart operations. Furthermore, the 
ENS registration service is monitored and all sensitive actions on the system 
are logged, including each authentication request. These logs (log files) are 
rotated regularly and removed from the active system after a maximum of six 
months in accordance with Regulation (EC) No 45/2001. All log files backed 
up by the ENS backup procedure, and removed from the ENS active system, 
will remain in a backup archive stored in a separate storage.
</p><br>

<p><b>3.&nbsp;&nbsp;&nbsp;Contact Information</b></p>

<p>If you wish to ask questions or 
post complaints about the service with respect to the use of your personal 
information, you should follow the contact link that is shown on the ENS 
official web page or write to the following address:
</p><br>

<p>Paolo Bouquet (Project Coordinator)<br>
Dipartimento di Ingegneria e Scienze dell'Informazione<br>
Universit&agrave; degli Studi di Trento <br>
Via Sommarive 14, <br>
38050 Povo di Trento, <br>
Italy
</p><br>

<p><b>4.&nbsp;&nbsp;&nbsp;Details of data retention</b></p>

<p>General expectations</p>

<p>4.1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;IP and other technical information</p>

<p>
When a visitor requests or reads an ENS page, or sends e-mail to an ENS server,
no more information is collected than is typically collected by web sites.
The Project may keep raw logs of such transactions, but these will not be
published or used to track legitimate users.
</p><br>

<p>4.2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Cookies </p>

<p>
All interactions with ENS services via the ENS proxy component do not require 
any form of cookies. The proxy component keeps session data in memory until 
the proxy is active. Once the proxy is quitted, all session data in 
memory is erased.
</p><br>

<p>
All interactions with ENS sites or third-party Web-based services may set a 
temporary session cookie on a visitor's computer whenever a communication is 
established. Readers who do not intend to log in or edit may deny this cookie. 
Contributors using a public machine who do not wish to show their session data 
to future users of the machine should clear these cookies after use.
</p><br>

<p>4.3.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Creating and editing ENS entities</p>

<p>
When a user requests to create or edit an ENS entity via the proxy component,
the user is authorized to the ENS system, and a log data is stored with the
user distinguished name, the operation requested to be performed, date and
time of the request, and the ENS entity to be created/modified. In case the
user is not authorized the log data stored is the same as the above, but
without the ENS entity information.
</p><br>

<p>
If a user requests to create or update an ENS entity via a third-party service
(for example via the ENS Entity Creator Web interface) then the user data,
first, may be logged in the third-party system, and, second, will be logged in
the ENS system including the user distinguished name, the operation requested
to be performed, date and time of the request, the ENS entity to be
created/modified, and the identity of the third-party system, on behalf of
which the user requests. ENS may record also the IP address of
the third-party system.
</p><br>

<p>
Users contributed to ENS entities are neither publicly identified, nor this
information is given to anyone. However, IP address information and user
contributions that share it can be retrieved from log files and released to
respective authorities under certain circumstances (see Section 2.2.2). The
log data of users' contribution to ENS will be kept permanently on the ENS in a
dedicated log backup storage.
</p><br>

<p>4.4.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;History of ENS entities</p>

<p>
Edits or other contributions on ENS entities' description, such as split, merge 
or delete entities, are internally logged by ENS servers along with users' 
identities made those contributions. The history of ENS entities' descriptions 
is for internal use only (e.g., for analysis and statistics) and is not made 
available to the public.
</p><br>

<p>
Removing text from an ENS entity's description does not permanently delete it.
Administrator users can permanently delete information with access to ENS servers.
</p><br>

<p>
The Project has established a means to keep history of ENS entities evolution
(also referred to as Entity Evolution Lists), which is a service with public
access. Any user with public access can look up if an ENS entity has
undergone any evolution by means of split, merge or delete operations.
The entity evolution service does not contain any information on changes of ENS
entity's description, but only information on changes of entity's unique
identifier.
</p><br>

<p>
OKKAM modules and services outside the core OKKAM services, e.g., the entity
subscription service, may use any subpart of information on changes concerning
ENS entities. This part of information may be broadcast (i.e. made publicly
available) to subscribed parties, based on the access policy applicable to
registered users.
</p><br>

<p>4.5.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Querying ENS entities</p>

<p>
No more information on users and other visitors querying for ENS entities is
collected than is typically collected in server logs by web sites. Aside from
the above raw log data collected for general purposes, querying ENS entities
does not expose any visitor's related data publicly. Sampled raw log data may
include the IP address of any user, the query input format and data, and the
produced output result. The log data of querying ENS entities is not reproduced
publicly and used only internally for statistics and quality of service analyses.
</p><br>

<p>4.6.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Discussions</p>

<p>   Via e-mail:</p>

<p>
Users who provide a valid e-mail address can enable other logged-in users to
send e-mail to them through the Project means. When receiving e-mail from other
users through the ENS system, one's e-mail address is not revealed to them. When
choosing to send e-mail to other users, one's e-mail is displayed as the sender.
</p><br>

<p>   On mailing lists:</p>

<p>
The e-mail addresses used to subscribe and post to the Project mailing lists are
exposed to other subscribers. The list archives of most such mailing lists are
public, and searches of public archives may be performed on the Web. Subscribers'
addresses may also be quoted in other users' messages. These e-mail addresses
and any messages sent to a mailing list may be archived and may remain available
to the public permanently.
</p><br>

<p><b>5.&nbsp;&nbsp;&nbsp;Disclaimer</b></p>

<p>
The Project believes that maintaining and preserving the privacy of user data
is an important value. This privacy policy, together with other policies,
resolutions, and actions by the Project, represents a committed effort to
safeguard the security of the limited user information that is collected and
retained on the Project servers. Nevertheless, the Project cannot guarantee
that user information will remain private. We acknowledge that, in spite of our
committed effort to protect private user information, determined individuals
may still develop data-mining and other methods to uncover such information and
disclose it. For this reason, the Project can make no guarantee against
unauthorized access to information provided in the course of participating in
running the Project and its community process.
</p><br>

</div>

<div><br clear=all>

<hr align=left size=1 width="33%">

<div id=ftn>

<p style='margin-bottom:0cm;margin-bottom:.0001pt;tab-stops:28.0pt 56.0pt 84.0pt 112.0pt 140.0pt 168.0pt 196.0pt 224.0pt 252.0pt 280.0pt 308.0pt 336.0pt;
text-autospace:none'><a href="#_ftnref" name="_ftn1" title="">[1]</a> <span style='font-size:8.0pt;'>REGULATION
(EC) No 45/2001 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 18 December 2000 on &quot;the protection of individuals with regard
to the processing of personal data by the Community institutions and bodies and on the free movement of such data&quot;. Official Journal of the
European Communities, 2001.</span></p>

</div>

</div>

</td></tr>
</table>

</body>

</html>
